docker-compose.yml
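# Local development stack: PostgreSQL, a one-shot init job, Keycloak in
# development mode, and the Spring Boot application that authenticates
# against it.
#
# Every credential below uses the `${VAR:-default}` form, so the stack starts
# with well-known fallback values (keycloak/keycloak, admin/admin) whenever the
# variable is unset. Supply real values through the environment or a `.env`
# file for anything other than a throwaway local instance.
services:
  # Database backing Keycloak. No `ports:` entry, so it is reachable only from
  # containers attached to keycloak-network, not from the host.
  postgres:
    image: postgres:15-alpine
    container_name: keycloak-postgres
    environment:
      POSTGRES_DB: ${POSTGRES_DB:-keycloak}
      POSTGRES_USER: ${POSTGRES_USER:-keycloak}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-keycloak}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - keycloak-network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-keycloak}"]
      interval: 10s
      timeout: 5s
      retries: 5

  # One-shot job that writes directly to Keycloak's REALM table and sets
  # ssl_required = 'NONE' for the master realm when DISABLE_MASTER_SSL is
  # "true" (the default here). With that setting the admin console accepts
  # plain HTTP, so admin credentials and tokens are sent unencrypted; set
  # DISABLE_MASTER_SSL=false wherever traffic leaves the local machine.
  keycloak-init:
    image: postgres:15-alpine
    container_name: keycloak-init
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-network
    environment:
      - PGPASSWORD=${POSTGRES_PASSWORD:-keycloak}
      - DISABLE_MASTER_SSL=${DISABLE_MASTER_SSL:-true}
    # `$$` is Compose's escape for a literal `$`, so those variables are
    # expanded by the shell inside the container; the `${...}` forms are
    # substituted by Compose before the container starts.
    # NOTE(review): psql exits 0 for an UPDATE that matches zero rows, so the
    # "SSL disabled" message does not prove that a row was changed - confirm.
    command:
      - sh
      - -c
      - |
        if [ "$$DISABLE_MASTER_SSL" = "true" ]; then
          echo "Waiting for Keycloak to initialize database..."
          for i in 1 2 3 4 5 6; do
            sleep 10
            if PGPASSWORD=$$PGPASSWORD psql -h postgres -U ${POSTGRES_USER:-keycloak} -d ${POSTGRES_DB:-keycloak} -c "UPDATE REALM SET ssl_required = 'NONE' WHERE id = 'master';" 2>/dev/null; then
              echo "SSL disabled for master realm"
              exit 0
            fi
            echo "Retrying... ($$i/6)"
          done
          echo "Could not update master realm SSL setting"
        fi
    restart: "no"

  # Keycloak in development mode (`start-dev`) with plain HTTP enabled and
  # strict hostname checking turned off. These are development settings and
  # are not a hardened configuration.
  keycloak:
    image: quay.io/keycloak/keycloak:26.0.2
    container_name: keycloak
    command:
      - start-dev
      - --db=postgres
      - --db-url=jdbc:postgresql://postgres:5432/${POSTGRES_DB:-keycloak}
      - --db-username=${POSTGRES_USER:-keycloak}
      - --hostname-strict=false
      - --http-enabled=true
      # Uncomment the next line to enable realm import from realm-export.json
      # - --import-realm
    environment:
      # The database password is passed as KC_DB_PASSWORD instead of a
      # --db-password argument so it does not appear in the process
      # command line.
      KC_DB_PASSWORD: ${POSTGRES_PASSWORD:-keycloak}
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KEYCLOAK_ADMIN_USERNAME:-admin}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
      # Quoted so the values stay strings rather than YAML booleans.
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
      DISABLE_MASTER_SSL: ${DISABLE_MASTER_SSL:-true}
    ports:
      # Without a host IP this publishes on every host interface. Prefix the
      # mapping with `127.0.0.1:` to keep the HTTP admin console local.
      - "${KEYCLOAK_PORT:-8080}:8080"
    volumes:
      # This bind mount is unconditional; the file is only used when
      # --import-realm is enabled in `command` above.
      - ./src/main/resources/realm-export.json:/opt/keycloak/data/import/realm-export.json:ro
    depends_on:
      postgres:
        condition: service_healthy
    networks:
      - keycloak-network
    # NOTE(review): this check needs `curl` inside the image and a health
    # endpoint on port 8080. Recent Keycloak releases serve health on the
    # management port (9000 by default) - verify that this check can pass,
    # because springboot-app waits for it.
    healthcheck:
      test:
        ["CMD-SHELL", "curl -f http://localhost:8080/health/ready || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 60s

  # Application under test. It receives the Keycloak admin username and
  # password, so the fallback admin/admin pair applies here as well.
  springboot-app:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: springboot-keycloak-security
    environment:
      KEYCLOAK_REALM: ${KEYCLOAK_REALM:-my-realm}
      KEYCLOAK_SERVER_URL: ${KEYCLOAK_SERVER_URL:-http://keycloak:8080}
      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID:-user-management-service}
      # Empty unless provided; keep the real secret out of version control.
      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET:-}
      KEYCLOAK_ADMIN_USERNAME: ${KEYCLOAK_ADMIN_USERNAME:-admin}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
      KEYCLOAK_ADMIN_CLIENT_ID: ${KEYCLOAK_ADMIN_CLIENT_ID:-admin-cli}
      SERVER_PORT: ${SERVER_PORT:-8083}
    ports:
      # NOTE(review): the container side of this mapping and the healthcheck
      # are fixed at 8083, while SERVER_PORT is also passed into the
      # container. Presumably the app listens on SERVER_PORT, so any other
      # value would break both - confirm.
      # Published on every host interface unless a host IP is prefixed.
      - "${SERVER_PORT:-8083}:8083"
    depends_on:
      keycloak:
        condition: service_healthy
    networks:
      - keycloak-network
    healthcheck:
      test:
        ["CMD-SHELL", "curl -f http://localhost:8083/actuator/health || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 40s

volumes:
  postgres_data:

networks:
  keycloak-network:
    driver: bridge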